Most of the code base for this module is to implement drupal hooks, map SAML attributes to Drupal Users, and the admin interfaces and documentation for those tasks. This module seems to do a great job of that. It has very little dependency on simplesamlphp as far as I can tell. Looks like only the following class and methods bridge the module and simplesamlphp:

SimpleSAML_Auth_Simple methods

  • - requireAuth(['ReturnTo' => $uri])
  • isAuthenticated()
  • getAttributes()
  • logout($redirect_path)

Many of us use apache modules (mod_shib, mod_auth_saml, or mod_auth_mellon) to do SAML such that we only have to implement once per webserver to support php and other environments and avoid dependencies on things like simplesamlphp.

Other than the current naming of the module, I don't see any obstacles to making the module work with saml attributes provided via environment variables. The work would simply involve:
- implementing a replacement class for SimpleSAML_Auth_Simple and their methods
- a switch in the admin interface and ability to specify logout path and authentication variable name values.
- a small factory class to decide which class to load

The module name itself is already out of sync with the module, since it does authentication, user provisioning, and authorization. So I don't think it would be too much of a stretch for simplesamlphp_auth to not require simplesamlphp.

Would you be receptive to such a patch/feature?
Or is there a more appropriate module to use for this?

Comments

johnbarclay created an issue. See original summary.

PunamShelke’s picture

Issue summary: View changes

HI,

I am also looking for the same feature..